Sun Solaris vulnerable to DoS when the Basic Security Module (BSM) is configured to perform auditing of specific classes

2004-06-28T00:00:00
ID VU:901582
Type cert
Reporter CERT
Modified 2004-06-28T00:00:00

Overview

There is a vulnerability in Sun Solaris that could allow local users to cause a denial of service when the Basic Security Module (BSM) is configured to perform auditing of specific audit classes.

Description

Sun Microsystems describes the Basic Security Module (BSM) as a "security auditing subsystem and a device allocation mechanism that provides the required object reuse characteristics for removable or assignable devices." There is a vulnerability in Sun Solaris systems with BSM enabled that could allow local users to cause a system panic.

According to the Sun Security Alert:

Local unprivileged users may be able to panic Solaris systems with Basic Security Module (BSM) enabled causing a Denial of Service (DoS). This issue can only occur on systems where BSM has been configured to audit the Administrative audit class "ad" or the System-Wide Administration audit class "as".


Impact

A local unprivileged user could cause a denial-of-service condition.


Solution

Sun has issued an advisory which addresses this issue. For more information on patches available for your system, please refer to Sun Security Alert: 57497.
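To decide whether a host meets the precondition quoted from the Sun alert, the following added example (not part of the CERT note or the Sun alert) checks an audit_control-format file for preselection of the "ad" or "as" classes. It assumes the standard BSM layout: `flags:` and `naflags:` lines holding comma-separated class names, optional `+`/`-` (success/failure only) and `^` (turn off) prefixes, and the file normally living at `/etc/security/audit_control`; the function names and sample content are constructed for illustration.

```shell
#!/bin/sh
# Added example: list which of the "ad"/"as" audit classes a BSM
# audit_control-format file preselects (assumed format, see lead-in).

bsm_risky_classes() {
    # $1 = path to the file; prints lines such as "flags:ad"
    awk -F: '
        function apply(name, off, mask) {
            if (mask != 2) s[name] = !off   # success events
            if (mask != 1) f[name] = !off   # failure events
        }
        /^[ \t]*#/ { next }                 # skip comment lines
        $1 == "flags" || $1 == "naflags" {
            s["ad"] = f["ad"] = s["as"] = f["as"] = 0
            n = split($2, cls, ",")
            for (i = 1; i <= n; i++) {      # later entries modify earlier ones
                c = cls[i]; gsub(/[ \t\r]/, "", c)
                off = sub(/^\^/, "", c)     # ^class turns auditing off
                mask = 3                    # no prefix: success and failure
                if (sub(/^\+/, "", c)) mask = 1
                else if (sub(/^-/, "", c)) mask = 2
                if (c == "ad" || c == "all") apply("ad", off, mask)
                if (c == "as" || c == "all") apply("as", off, mask)
            }
            if (s["ad"] || f["ad"]) print $1 ":ad"
            if (s["as"] || f["as"]) print $1 ":as"
        }
    ' "$1"
}

bsm_is_exposed() {
    # exit status 0 when either class is audited in any form
    [ -n "$(bsm_risky_classes "$1")" ]
}

# Constructed sample content, not taken from a real host.
sample=$(mktemp)
printf 'dir:/var/audit\nflags:lo,ad\nminfree:20\nnaflags:lo\n' > "$sample"
bsm_risky_classes "$sample"
rm -f "$sample"
```

A non-empty result means the configuration condition described in the alert is met and the host should be prioritised for the Sun patches; per-user audit flags are outside this check.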


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Sun Microsystems Inc.| | -| 28 Jun 2004

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57497>
  • <http://secunia.com/advisories/11930/>
  • <http://www.securitytracker.com/alerts/2004/Jun/1010572.html>
  • <http://www.securityfocus.com/bid/10594>

Credit

This vulnerability was reported by Sun Microsystems Inc.

This document was written by Damon Morda.

Other Information

  • CVE IDs: Unknown
  • Date Public: 22 Jun 2004
  • Date First Published: 28 Jun 2004
  • Date Last Updated: 28 Jun 2004
  • Severity Metric: 3.46
  • Document Revision: 7